Puppet Class: profile::aptrepo::wikimedia

Defined in:
modules/profile/manifests/aptrepo/wikimedia.pp

Overview

Parameters:

  • primary_server (Stdlib::Fqdn) (defaults to: lookup('aptrepo_server'))
  • secondary_servers (Array[Stdlib::Fqdn]) (defaults to: lookup('aptrepo_servers_failover'))
  • aptrepo_vhost (String) (defaults to: lookup('aptrepo_hostname'))
  • public_basedir (Stdlib::Unixpath) (defaults to: lookup('profile::aptrepo::wikimedia::basedir'))
  • private_basedir (Stdlib::Unixpath) (defaults to: lookup('profile::aptrepo::private::basedir'))
  • homedir (Stdlib::Unixpath) (defaults to: lookup('profile::aptrepo::wikimedia::homedir'))
  • gpg_user (String) (defaults to: lookup('profile::aptrepo::wikimedia::gpg_user'))
  • gpg_pubring (Optional[String]) (defaults to: lookup('profile::aptrepo::wikimedia::gpg_pubring', {'default_value' => undef}))
  • gpg_secring (Optional[String]) (defaults to: lookup('profile::aptrepo::wikimedia::gpg_secring', {'default_value' => undef}))
  • private_repo_port (Optional[Integer]) (defaults to: lookup('profile::aptrepo::private::port', {'default_value' => 8080}))


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# File 'modules/profile/manifests/aptrepo/wikimedia.pp', line 36

class profile::aptrepo::wikimedia (
    Stdlib::Fqdn        $primary_server    = lookup('aptrepo_server'),
    Array[Stdlib::Fqdn] $secondary_servers = lookup('aptrepo_servers_failover'),
    String              $aptrepo_vhost     = lookup('aptrepo_hostname'),
    Stdlib::Unixpath    $public_basedir    = lookup('profile::aptrepo::wikimedia::basedir'),
    Stdlib::Unixpath    $private_basedir   = lookup('profile::aptrepo::private::basedir'),
    Stdlib::Unixpath    $homedir           = lookup('profile::aptrepo::wikimedia::homedir'),
    String              $gpg_user          = lookup('profile::aptrepo::wikimedia::gpg_user'),
    Optional[String]    $gpg_pubring       = lookup('profile::aptrepo::wikimedia::gpg_pubring', {'default_value' => undef}),
    Optional[String]    $gpg_secring       = lookup('profile::aptrepo::wikimedia::gpg_secring', {'default_value' => undef}),
    Optional[Integer]   $private_repo_port = lookup('profile::aptrepo::private::port', {'default_value' => 8080}),
){
    ferm::service { 'aptrepos_public_http':
        proto => 'tcp',
        port  => '(http https)',
    }

    ferm::service { 'aptrepos_private_http':
        proto  => 'tcp',
        port   => "(${private_repo_port})",
        srange => '$DOMAIN_NETWORKS',
    }

    class { 'aptrepo::common':
        homedir     => $homedir,
        basedir     => $public_basedir,
        gpg_user    => $gpg_user,
        gpg_secring => $gpg_secring,
        gpg_pubring => $gpg_pubring,
    }

    # Public repo, served by nginx
    aptrepo::repo { 'public_apt_repository':
        basedir            => $public_basedir,
        incomingdir        => 'incoming',
        distributions_file => 'puppet:///modules/aptrepo/distributions-wikimedia',
    }

    # Private repo, served by Apache
    aptrepo::repo { 'private_apt_repository':
        basedir            => $private_basedir,
        incomingdir        => 'incoming',
        distributions_file => 'puppet:///modules/aptrepo/distributions-private',
    }

    $private_reprepro_wrapper = @("SCRIPT" /$)
    #!/bin/bash
    REPREPRO_BASE_DIR=${private_basedir} /usr/bin/reprepro "$@"
    |SCRIPT
    file { '/usr/local/sbin/private_reprepro':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0500',
        content => $private_reprepro_wrapper,
    }

    class { 'aptrepo::tftp': }
    include ::profile::backup::host

    # The repository data
    backup::set { 'srv-wikimedia': }

    class { 'aptrepo::rsync':
        primary_server    => $primary_server,
        secondary_servers => $secondary_servers,
    }

    if $primary_server == $::fqdn {
        monitoring::service { 'https':
            description   => 'HTTPS',
            check_command => 'check_ssl_http_letsencrypt_ocsp!apt.wikimedia.org',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/APT_repository',
        }
        $motd_ensure = 'absent'
    } else {
        $motd_ensure = 'present'
    }

    motd::script { 'inactive_warning':
        ensure   => $motd_ensure,
        priority => 1,
        content  => template('profile/install_server/inactive.motd.erb'),
    }
}